Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] 'AgsgEEYI.exe' = '%HOMEPATH%\WSgUIcco\AgsgEEYI.exe' (per-user Run key: the executable is launched at each logon of that user)
- [<HKLM>\System\CurrentControlSet\Services\pAYAwAkH] 'Start' = '00000002' (Start value 2 = service starts automatically at boot)
- [<HKLM>\System\CurrentControlSet\Services\pAYAwAkH] 'ImagePath' = '%ALLUSERSPROFILE%\KggMsgUM\ZCUIEwIE.exe'
- 'pAYAwAkH' %ALLUSERSPROFILE%\KggMsgUM\ZCUIEwIE.exe
- %HOMEPATH%\wsguicco\agsgeeyi
- %ALLUSERSPROFILE%\vksascyu\ksugccqw
- %HOMEPATH%\wsguicco\agsgeeyi.exe
- %ALLUSERSPROFILE%\kggmsgum\zcuiewie.exe
- %WINDIR%\syswow64\config\systemprofile\wsguicco\agsgeeyi
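- http://google.com/ (legitimate site, presumably contacted as a connectivity check; not usable as an indicator on its own)
- DNS ASK bl##k.io (domain appears partially masked with '##' in this listing; do not match on it as written)
- DNS ASK google.com (legitimate domain; see the note on the google.com request above)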
- ClassName: '' WindowName: 'KSUgccQw.exe'
- ClassName: '' WindowName: 'Microsoft Windows'
- '%HOMEPATH%\wsguicco\agsgeeyi.exe'
- '%ALLUSERSPROFILE%\kggmsgum\zcuiewie.exe'